Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The year 2025 marks an exciting chapter for BDRSuite as we unveil a roadmap dedicated to empowering Managed Service Providers (MSPs). With a strong emphasis on Remote Centralized Management, we aim to redefine the managed backup experience for MSPs. Additionally, our roadmap introduces new features and enhancements focusing on ransomware protection, virtual environments (Proxmox VE, oVirt, KVM) and latest security updates, addressing evolving market demands and user needs.

The Cyberint (now a Check Point Company) Philippine Threat Landscape 2024-2025 report unravels the evolving cyber threats and scam operations targeting organizations in the Philippines—mainly within the Government, Education, Financial, and Telecommunications sectors. Data from Cyberint sources indicates a surge in cyber threats such as malware, social engineering, and system exploitations.

On January 8, 2025, Ivanti published a security advisory announcing the patching of a critical, actively exploited vulnerability in Ivanti Connect Secure, Policy Secure, and ZTA Gateways. Tracked as CVE-2025-0282, the vulnerability allows remote unauthenticated threat actors to achieve remote code execution (RCE) via a stack-based buffer overflow flaw. Ivanti confirmed that exploitation has only been observed in Connect Secure, and no exploitation has been reported in Policy Secure or ZTA Gateways.

Zombie APIs, sometimes called “orphaned” or “forgotten” APIs, refer to endpoints that were initially deployed for a specific purpose but are no longer actively used or maintained. These APIs are often left operational within an organization’s infrastructure due to oversight or incomplete decommissioning processes.

The healthcare industry stands at the cusp of a major transformation with the introduction of the Healthcare Information Security Accountability Act (HISAA), a progressive regulatory framework set to replace the decades-old Health Insurance Portability and Accountability Act (HIPAA). HISAA is designed to address the evolving complexities of healthcare data management, emphasizing real-time data governance, proactive monitoring, and stricter controls over third-party data exchanges.

In the rapidly evolving landscape of artificial intelligence (AI), the development of AI Agents has become a focal point for enterprises… nearly all of them. According to recent IBM research, 99% of respondents are exploring or actively developing AI agents. This surge in interest also serves to underscore the necessity for secure AI agent development.

Researchers at SlashNext warn that cybercriminals are using a WordPress plugin called “PhishWP” to spoof payment pages and steal financial information. The spoofed pages are designed to steal payment card numbers, expiration dates, CVVs, and billing addresses. The plugin can also intercept one-time passwords generated to secure the transactions. The stolen data is immediately sent to the crooks via Telegram as soon as the victim hits “enter” on the phishing page.

A phishing campaign is abusing Microsoft 365 test domains to send legitimate payment requests from PayPal, according to Fortinet’s CISO Dr. Carl Windsor. Windsor found that the threat actor registered a free MS365 test domain and used it to create a distribution list containing targets’ email addresses. The scammer then used this distribution list to send payment requests via PayPal’s web portal.

Ask Our Expert VMware vSphere Kubernetes Service (VKS), formerly known as Tanzu Kubernetes Grid (TKG) Service, has emerged as a popular platform for enterprises deploying containerized workloads, particularly those that rely on vSphere Kubernetes release (VKr), previously referred to as Tanzu Kubernetes release, for their cloud-native infrastructure.

Just as a $5,000 gaming PC won’t make someone a better gamer if they haven’t mastered the basic controls, a sophisticated security solution won’t protect an organization that hasn’t implemented fundamental security practices.